The present invention relates to secure broadband communication and, in particular, to secure communication between a client device, such as a personal computer (PC), and a server device such as an Internet Service Provider (ISP) via broadband networks, including wireless networks such as cable or satellite links.
The Internet is a global, linked web of thousands of networks, each with thousands of servers with vast arrays of information. The speed of transmission varies considerably for different nodes on this web of networks. For example, academic institutions and large private companies have direct, fast links to the Internet via high-speed leased telephone lines or high-speed broadband switched digital services. However, the average computer user must communicate with an ISP via a low-speed telephone modem, as these higher speed technologies are too expensive and complicated for the average consumer. Thus, most average computer users must spend lengthy periods waiting for the desired information to be received, or "downloaded", from their ISP.
Recently, broadband networks have been proposed as a solution to this problem. These broadband networks can include wireless cable or satellite links, and typically transmit data hundreds of times faster than existing low speed telephone networks. To make such service even more accessible to the average user, such networks are sometimes used for downstream communication from the ISP to the client device, while upstream communication is done through a telephone modem. In this case, the computer user need only purchase one additional hardware device, a broadband modem, in order to obtain fast broadband network service.
However, such broadband network service, particularly through wireless networks, has added new problems. For example, wireless networks are potentially easily accessed by intruders, leaving data transmissions vulnerable to unauthorized interceptions. If two different networks are used for upstream and downstream communication, different types of hardware at the ISP must send and receive data, thereby requiring coordination between these types of hardware. Finally, transmitting data to a specific user is more complicated with broadband networks than with telephone networks, since data is broadcast to many users simultaneously so that the client device must select the correct data to be received. Thus, security and selectivity of reception of data are challenges for broadband networks and for the broadband modems used on these networks.
One attempt to solve the problem of security for broadband modems is disclosed in U.S. Pat. No. 5,347,304, which describes a remote link adapter for use in receiving TV data broadcasts. This remote link adapter includes a standard digital encryption standard (DES) chip-set for security, and a digitally encoded address. However, no provision is made for security during the "login" procedure, when the client device first connects to the ISP. As disclosed in U.S. Pat. No. 5,347,304, the required keys are distributed during "login". Should the "login" procedure be intercepted by an unauthorized user, the security of the system would be compromised. Furthermore, the requirement for transmission of keys each time "login" occurs is complicated and cumbersome for the ISP or other data source, since such a source must incorporate the transmitted keys every time the user desires access. Thus, the device disclosed in U.S. Pat. No. 5,347,304 is both cumbersome and lacks security.
There is therefore a need for, and it would be highly desirable to have, a system for secure communication on a broadband network, which would allow specific reception of data by a designated client device and which would prevent access by unauthorized users, yet which is simple and secure to use.
According to the teachings of the present invention there is provided a system for secure broadband communication, including: (a) a server device for transmitting data; and (b) a client device including a broadband modem for receiving data, the broadband modem including: (i) a public hardware identification key for being sent to the server device, such that the client device is identified by the public hardware identification key and such that the server device permits transmission to the client device through the broadband modem according to the public hardware identification key, and (ii) a private hardware identification key for controlling reception of data by the client device through the broadband modem, the private hardware identification key being known by the server device, such that substantially only data being marked by the private identification key is passed to the client device from the server device by the broadband modem.
Preferably, the data is encrypted by the server device with the private hardware identification key, such that only the broadband modem can de-encrypt the data. Alternatively and preferably, the data is encrypted with both the private hardware identification key and the public hardware identification key. Also alternatively and preferably, the data is marked both with the public hardware identification key and the private hardware identification key.
According to a preferred embodiment of the present invention, the server device also includes an access server and a transmitter gateway, the access server featuring a database of public and private hardware identification keys such that the public identification key of the client device is used to determine the private hardware identification key of the client device, the private hardware identification key being given to the transmitter gateway such that the transmitter gateway marks the data with the private hardware identification key. Preferably, the transmitter gateway further encrypts the data with the private hardware identification key. Alternatively and preferably, the transmitter gateway further encrypts the data with both the private hardware identification key and the public hardware identification key.
According to another preferred embodiment of the present invention, the broadband modem includes a packet filter for determining if the data is marked with the private hardware identification key, such that the packet filter passes the data to the client device substantially only if the data is marked with the private hardware identification key. Preferably, the client device further includes a communication card for sending data to the server device, such that the communication card sends the public hardware identification key to the server device.
Also according to the present invention, there is provided a method of marking transmitted data for reception by a client device, the method including the steps of: (a) receiving a public hardware identification key from the client device; (b) determining a private hardware identification key from the public hardware identification key; and (c) marking the data to be transmitted with the private hardware identification key, such that the client device only receives data marked with the private hardware identification key. Preferably, the data are encrypted with the private hardware identification key. Alternatively and preferably, the data are encrypted with both the private hardware identification key and the public hardware identification key.
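The three method steps above, together with the access server database, transmitter gateway and modem packet filter of the preferred embodiments, can be modelled as follows. This is an added example, not code from the patent. The page does not say how data is "marked", so the mark is modelled here as an HMAC-SHA256 tag keyed with the private hardware identification key (an assumption, chosen so the private key itself never appears on the broadcast link); all class names, identifiers and keys are constructed for illustration.

```python
import hashlib
import hmac
from typing import Optional

TAG_LEN = 32  # length of an HMAC-SHA256 tag (assumed marking scheme)

class AccessServer:
    """Database mapping public hardware IDs to private hardware keys."""
    def __init__(self):
        self._keys = {}
    def enroll(self, public_id: str, private_key: bytes) -> None:
        self._keys[public_id] = private_key
    def lookup(self, public_id: str) -> bytes:
        # Steps (a)/(b): an unknown public ID gets no transmission at all.
        if public_id not in self._keys:
            raise PermissionError("unknown public hardware ID: " + public_id)
        return self._keys[public_id]

class TransmitterGateway:
    """Marks outgoing data for one client before it is broadcast."""
    def __init__(self, access_server: AccessServer):
        self._access = access_server
    def mark(self, public_id: str, payload: bytes) -> bytes:
        key = self._access.lookup(public_id)
        # Step (c): the mark is a keyed tag, not the key itself.
        return hmac.new(key, payload, hashlib.sha256).digest() + payload

class ModemPacketFilter:
    """Passes a frame to the client only if it carries this modem's mark."""
    def __init__(self, private_key: bytes):
        self._key = private_key
    def receive(self, frame: bytes) -> Optional[bytes]:
        if len(frame) < TAG_LEN:
            return None  # too short to carry a mark: drop
        tag, payload = frame[:TAG_LEN], frame[TAG_LEN:]
        expected = hmac.new(self._key, payload, hashlib.sha256).digest()
        return payload if hmac.compare_digest(tag, expected) else None

def demo():
    # Constructed sample data: two enrolled modems sharing one broadcast link.
    keys = {"PUB-A": b"constructed-private-key-A",
            "PUB-B": b"constructed-private-key-B"}
    server = AccessServer()
    for public_id, private_key in keys.items():
        server.enroll(public_id, private_key)
    gateway = TransmitterGateway(server)
    broadcast = [gateway.mark("PUB-A", b"page for A"),
                 gateway.mark("PUB-B", b"page for B")]
    # Every modem sees every frame; each filter keeps only its own.
    return {pid: [p for p in map(ModemPacketFilter(k).receive, broadcast)
                  if p is not None] for pid, k in keys.items()}

if __name__ == "__main__":
    print(demo())
```

A keyed tag only controls which frames the filter passes; the payload still travels in the clear unless it is also encrypted, which is the preferred variant the text describes.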
Hereinafter, the term "ISP" refers to an Internet Service Provider, which includes any server device providing information to a client device. For example, an ISP could be a server computer which enables a client computer to receive and/or transmit information to or from a network. Hereinafter, the term "network" includes any LAN (local area network), WAN (wide area network), or any other connection between two computers or similar devices.